During these challenging times, Severson & Werson remains open and in full operation, consistent with the firm’s previously established contingency planning. While many of our attorneys and staff will be working remotely, as a firm, we continue in full operation. We are here to help, as always.

Data Breach

Subscribe to Consumer Finance

Thank you for your desire to subscribe to Severson & Werson’s Consumer Finance Weblog. In order to subscribe, you must provide a valid name and e-mail address. This too will be retained on our server. When you push the “subscribe button”, we will send an electronic mail to the address that you provided asking you to confirm your subscription to our Weblog. By pushing the “subscribe button”, you represent and warrant that you are over the age of 18 years old, are the owner/authorized user of that e-mail address, and are entitled to receive e-mails at that address. Our weblog will retain your name and e-mail address on its server, or the server of its web host. However, we won’t share any of this information with anyone except the Firm’s employees and contractors, except under certain extraordinary circumstances described on our Privacy Policy and (About The Consumer Finance Blog/About the Appellate Tracker Weblog) Page. NOTICE AND AGREEMENT REGARDING E-MAILS AND CALLS/TEXT MESSAGES TO LAND-LINE AND WIRELESS TELEPHONES: By providing your contact information and confirming your subscription in response to the initial e-mail that we send you, you agree to receive e-mail messages from Severson & Werson from time-to-time and understand and agree that such messages are or may be sent by means of automated dialing technology. If you have your email forwarded to other electronic media, including text messages and cellular telephone by way of VoIP, internet, social media, or otherwise, you agree to receive my messages in that way. This may result in charges to you. Your agreement and consent also extend to any other agents, affiliates, or entities to whom our communications are forwarded. You agree that you will notify Severson & Werson in writing if you revoke this agreement and that your revocation will not be effective until you notify Severson & Werson in writing. You understand and agree that you will afford Severson & Werson a reasonable time to unsubscribe you from the website, that the ability to do so depends on Severson & Werson’s press of business and access to the weblog, and that you may still receive one or more emails or communications from weblog until we are able to unsubscribe you.

In In re Sonic Corp. Customer Data Sec. Breach Litig., No. 1:17-md-2807, 2021 U.S. Dist. LEXIS 168504, at *13-16 (N.D. Ohio Sep. 7, 2021), Judge Gwin denied summary judgment to the defendants, who argued that the criminal hacking constituted a supervening cause. Here, Sonic can only prevail by showing that the hackers' criminal acts were independent of Sonic's negligent security… Read More

In In re Sonic Corp. Customer Data Sec. Breach Litig. Fin. Insts., No. 1:17-md-2807, 2021 U.S. Dist. LEXIS 142001, at *5-6 (N.D. Ohio July 30, 2021), Judge Gwin refused to seal some of the data breach investigation from the Sonic data breach hack. In 2017, unidentified third parties accessed Sonic customers' payment card data. The hackers obtained customer payment card… Read More

In In re Rutter's Data Sec. Breach Litig., No. 1:20-CV-382, 2021 U.S. Dist. LEXIS 136220, at *2 (M.D. Pa. July 22, 2021), Judge Mahalchick ordered production of an investigative report from a cybersecurity consultant prepared in response to a data breach. Now before the Court is a discovery dispute regarding the production of an investigative report which was created after… Read More

On January 28, 2021, Judge Alsup, in the Northern District of California, denied in part and granted in part Defendants' Motion to Dismiss.  Flores-Mendez et al v. Zoosk, Inc. et al. (N.D. CA; 3:20-cv-04929-WHA). Zoosk, a dating app, is a subsidiary of Spark.  Spark's principal place of business is in Berlin.  Spark filed a 12(b)(2) motion challenging the Court's personal… Read More

On January 12, 2021, Judge David O. Carter granted Marriott’s Motion to Dismiss and dismissed the case, including Plaintiffs’ CCPA claim based on lack of standing.  Rahman v. Marriott International, Inc., et al.  (C.D. CA; 8:20-cv-00654), here, “Plaintiff alleges that class members were victims of a cybersecurity breach at Marriott when two employees of a Marriott franchise in Russia accessed… Read More

In Wengui v. Clark Hill, Civil Action No. 19-3195 (JEB), 2021 U.S. Dist. LEXIS 5395 (D.D.C. Jan. 12, 2021), Judge B0asberg ordered production of internal investigation reports regarding a cybersecurity breach, which were not protected by the attorney client or work product privileges. Malicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits… Read More

In In re StockX Customer Data Sec. Breach Litig., No. 19-12441, 2020 U.S. Dist. LEXIS 241178 (E.D. Mich. Dec. 23, 2020), Judge Roberts ordered the class representative’s claims to arbitration, despite the fact that they were minors when they signed the Terms of Service containing the Arbitration Clause. This action arises from a data breach to StockX's system which occurred… Read More

In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 217097 (S.D. Cal. Nov. 19, 2020), Judge Miller allowed a data security breach class action to proceed.  The basis of the class action was as follows: According to Plaintiffs' FAC,1 Inmediata provides billing and health record software and service solutions to healthcare providers. (FAC ¶¶… Read More

In Holly v. Alta Newport Hosp., Inc., No. 2:19-cv-07496-ODW (MRWx), 2020 U.S. Dist. LEXIS 195652 (C.D. Cal. Oct. 21, 2020), Judge Wright dismissed a data breach class action because the class representative could not demonstrate compensable loss. Holly alleges that she suffered "emotional harm and distress and has been injured in her mind and body." (SAC ¶ 49.) She also… Read More

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory yesterday, alerting companies who engage with victims of ransomware attacks of potential sanctions risks for facilitating ransomware payments.  This advisory highlights OFAC’s designations of malicious cyber actors and those who facilitate ransomware transactions under its cyber-related sanctions program. It identifies U.S. government resources for reporting… Read More

1 2 3